Overview

overview

7

Static

static

3

5599836d66...52.exe

windows7-x64

7

5599836d66...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 05:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5599836d66d6fc8f4728ae17efbe5a52.exe

  • Size

    82KB

  • MD5

    5599836d66d6fc8f4728ae17efbe5a52

  • SHA1

    49a741fb0e7c2f3cfc886c73b0c69d58f9bd3ac0

  • SHA256

    cef42f097dfa230b7da4cfcc8da86035ee5d44f365150d0fe5f6b206264cc1cf

  • SHA512

    1a0589930163816af40059e5197a34ee564d7c4bd1d838ad564ab988be6c5cad5f4b2b2518b0675be3b15ffe9655c2057d31a0f6262b54e740b4904b30cd36a5

  • SSDEEP

    1536:yBkvVKvgbVmWElpbGwsuqjmWlsawJnmNsTNcUa+ve6KcdtxjKH7:t448ni+PWlsawouJvefR7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5599836d66d6fc8f4728ae17efbe5a52.exe
    C:\Users\Admin\AppData\Local\Temp\5599836d66d6fc8f4728ae17efbe5a52.exe
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Suspicious use of UnmapMainImage
    PID:1748
  • C:\Users\Admin\AppData\Local\Temp\5599836d66d6fc8f4728ae17efbe5a52.exe
    "C:\Users\Admin\AppData\Local\Temp\5599836d66d6fc8f4728ae17efbe5a52.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5599836d66d6fc8f4728ae17efbe5a52.exe
    Filesize

    82KB

    MD5

    6f6901fbdff15378e4675617327370dd

    SHA1

    0afd80b9ef24479ba3a4ddf0827b2d2fa3e6ef73

    SHA256

    ef66b8cce64013851165e09b908811843436bec0ffbb7b0d8e074f435cb2bd40

    SHA512

    8a3957e6f8226bf6da66329f07f4c2a1bffa74785b1c34faf61d8fe7860c3fe1fef5adc63febce3b8b0b6cc1ada093d1efc6762d443af0f5fe59df7e21ceb427

    Download Submit

  • memory/1232-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1232-1-0x00000000001C0000-0x00000000001EF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1232-2-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1232-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1748-25-0x00000000014F0000-0x000000000150B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1748-20-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1748-14-0x00000000001B0000-0x00000000001DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1748-13-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download